Corporate computing assets, such as laptops, phones, and PDAs, are utilized outside corporate firewalls today more than before. With ever more employees either working from home or “on the road,” controlling and managing corporate information technology (IT) assets is becoming a difficult or serious problem. The problem is especially complicated when assets are lost or stolen, which can compromise corporate data stored on the device.
Full disk encryption (FDE) is one technique to combat the loss of data on a lost or stolen device. Typically, FDE is employed on a drive using a pre-boot authentication (PBA) partition: the system boots to that partition and seeks proper authentication, such as a password or certificate (which may be on a removable storage device). Once authentication is provided, the drive employing FDE may be decrypted and the main operating system booted from this drive.
This PBA process requires a person to be physically present at the machine in order to provide the authentication. This prevents a remote connection from being made, such as one allowing access by IT personnel desiring to provide software updates to the device, and is a major deterrent to the use of FDE. Additionally, deploying software on the FDE drive may require a reboot, which cannot be done unless a person is physically present to provide the required authentication.
Accordingly, a need exists for a manner in which to manage and provision a drive employing FDE from a remote location.